Ggsrun adds native sandbox for AI-generated Google Apps Script

Ggsrun now includes a native, in-memory sandbox that secures AI-generated Google Apps Script executions via the Apps Script API's scripts.run method [DevTo]. The Go runtime parses incoming scripts, replaces global service identifiers (e.g., SpreadsheetApp, UrlFetchApp) with prefixed proxies, and restores the remote project to its original state on completion or interruption [GitHub]. Key changes include zero external dependencies, no disk mutations, robust rollback, and a fine-grained whitelist defined in a sandbox_config.json file. The native sandbox enforces security at the V8 compilation stage, meaning the same protection works for every scripts.run invocation, regardless of the AI model or CLI front-end. By guaranteeing a rollback, ggsrun prevents accidental permission creep and keeps the remote Apps Script project tidy. The sandbox blocks data exfiltration (via UrlFetchApp), unauthorized document access (SpreadsheetApp, DriveApp), and email abuse (GmailApp, MailApp) [DevTo].